package com.woniuxy.controller;

import org.springframework.security.access.annotation.Secured;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RestController;

import javax.annotation.security.RolesAllowed;

@RestController
public class HelloController {

    @GetMapping("/hello")
    public String hello(){
        return "hello security";
    }

    @GetMapping("sal")
    @Secured("ROLE_querySal")//权限注解  配置类和注解都要加上ROLE_ 前缀
    public String querySal(){
        return "28000";
    }

    @GetMapping("home")
    public String homePage(){
        return "主页面";
    }

    @GetMapping("queryUser")
    @RolesAllowed("queryInfo")//和Secured注解一样，区别是注解上的ROLE_可加可不加，但配置类上的ROLE_必须加
    public String queryUser(){
        return "用户信息页面";
    }

    @GetMapping("del")
    @PreAuthorize("hasAuthority('goodDel')")//后面都用这个注解控制权限
    public String del(){
        return "删除页面";
    }
}
